9815 matches found

Github Security Blog
added 2022/07/26 12:1 a.m. | 27 views

ffmpeg-sdk vulnerable to OS Command Injection

A command injection vulnerability affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js...

CVSS 9.8 | AI score 9.4 | EPSS 0.0109
Exploits: 1 | References: 5 | Affected Software: 1
Github Security Blog
added 2022/07/26 12:1 a.m. | 26 views

xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)

A command injection vulnerability affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)...

CVSS 9.8 | AI score 9.4 | EPSS 0.0109
Exploits: 1 | References: 4 | Affected Software: 1
ATTACKERKB
added 2022/07/25 12:0 a.m. | 3 views

CVE-2022-34374

Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability to execute arbitrary OS commands on the affected system...

CVSS 8.8 | AI score 6.2 | EPSS 0.01369
Exploits: 0 | References: 2
Microsoft CVE
added 2022/07/22 7:0 a.m. | 1 views

An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.

...

CVSS 8.1 | AI score 7 | EPSS 0.05614
Exploits: 0
Tenable Nessus
added 2022/07/22 12:0 a.m. | 43 views

SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:2491-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2491-1 advisory. - An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost che...

CVSS 8.1 | AI score 7.5 | EPSS 0.77278
Exploits: 3 | References: 13
Tenable Nessus
added 2022/07/22 12:0 a.m. | 61 views

SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2022:2416-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2416-1 advisory. - An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost che...

CVSS 8.1 | AI score 7.5 | EPSS 0.77278
Exploits: 3 | References: 13
NVD
added 2022/07/21 4:15 a.m. | 17 views

CVE-2022-22555

Dell EMC PowerStore contains an OS command injection vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation ma...

CVSS 6.7 | EPSS 0.00857
Exploits: 0 | References: 1
Tenable Nessus
added 2022/07/21 12:0 a.m. | 47 views

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:2417-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2417-1 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the dat...

CVSS 8.1 | AI score 6.7 | EPSS 0.77278
Exploits: 3 | References: 16
Packet Storm
added 2022/07/21 12:0 a.m. | 334 views

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root

SpaceLogic.ps1 Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com https://www.se.com/ww/en/product/5200WHC2/home-controller-spacelogic-cbus-cbus-ip-free-standing-24v-dc/...

AI score 0.2 | EPSS 0.71084
Exploits: 6
Tenable Nessus
added 2022/07/21 12:0 a.m. | 69 views

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2022:2425-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2425-1 advisory. - An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost che...

CVSS 8.1 | AI score 7.5 | EPSS 0.77278
Exploits: 3 | References: 13
Tenable Nessus
added 2022/07/21 12:0 a.m. | 72 views

SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2022:2430-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2430-1 advisory. - An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost che...

CVSS 8.1 | AI score 7.5 | EPSS 0.77278
Exploits: 3 | References: 13
CVE
added 2022/07/20 8:55 p.m. | 79 views

CVE-2022-33923

Dell PowerStore T: OS Command Injection in versions prior to 3.0.0.0. A locally authenticated attacker could execute arbitrary commands on the underlying OS, potentially taking over the system. Affected component is the PowerStore T environment; root cause is an OS command-injection vulnerability...

CVSS 7.8 | AI score 7.8 | EPSS 0.0038
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2022/07/20 8:55 p.m. | 53 views

CVE-2022-22555

CVE-2022-22555 – Dell EMC PowerStore OS command injection: A locally authenticated attacker could exploit a vulnerability in the PowerStore OS to run arbitrary OS commands with the vulnerable application’s privileges, potentially leading to privilege escalation. Affected product is Dell EMC Powe...

CVSS 6.7 | AI score 6.9 | EPSS 0.00857
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/07/20 8:55 p.m. | 20 views

CVE-2022-22555

Dell EMC PowerStore contains an OS command injection vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation ma...

CVSS 6 | AI score 7.2 | EPSS 0.00857
Exploits: 0 | References: 1
NVD
added 2022/07/20 12:15 p.m. | 17 views

CVE-2022-2486

A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used...

CVSS 9.8 | EPSS 0.2605
Exploits: 1 | References: 2
NVD
added 2022/07/20 12:15 p.m. | 26 views

CVE-2022-2487

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument starthour leads to os command injection. The exploit has been disclosed to the public and may be us...

CVSS 9.8 | EPSS 0.79513
Exploits: 1 | References: 2
NVD
added 2022/07/20 12:15 p.m. | 34 views

CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

CVSS 9.8 | EPSS 0.28724
Exploits: 1 | References: 3
Prion
added 2022/07/20 12:15 p.m. | 15 views

Command injection

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument starthour leads to os command injection. The exploit has been disclosed to the public and may be us...

CVSS 7.5 | AI score 9.8 | EPSS 0.79513
Exploits: 1 | References: 2
Prion
added 2022/07/20 12:15 p.m. | 18 views

Command injection

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

CVSS 7.5 | AI score 9.8 | EPSS 0.28724
Exploits: 1 | References: 2
Vulnrichment
added 2022/07/20 11:35 a.m. | 9 views

CVE-2022-2488 WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

CVSS 8 | AI score 7.7 | EPSS 0.28724
Exploits: 1 | References: 2